diff options
Diffstat (limited to 'test')
28 files changed, 1698 insertions, 913 deletions
diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 445fda997c..53ee0b433c 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -45,7 +45,22 @@ An example test input looks like this: } ``` -The test section supports the following options: +The test section supports the following options + +### Test mode + +* Method - the method to test. One of DTLS or TLS. + +* HandshakeMode - which handshake flavour to test: + - Simple - plain handshake (default) + - Resume - test resumption + - (Renegotiate - test renegotiation, not yet implemented) + +When HandshakeMode is Resume or Renegotiate, the original handshake is expected +to succeed. All configured test expectations are verified against the second +handshake. + +### Test expectations * ExpectedResult - expected handshake outcome. One of - Success - handshake success @@ -53,54 +68,22 @@ The test section supports the following options: - ClientFail - clientside handshake failure - InternalError - some other error -* ClientAlert, ServerAlert - expected alert. See `ssl_test_ctx.c` for known - values. +* ExpectedClientAlert, ExpectedServerAlert - expected alert. See + `ssl_test_ctx.c` for known values. -* Protocol - expected negotiated protocol. One of +* ExpectedProtocol - expected negotiated protocol. One of SSLv3, TLSv1, TLSv1.1, TLSv1.2. -* ClientVerifyCallback - the client's custom certificate verify callback. - Used to test callback behaviour. One of - - None - no custom callback (default) - - AcceptAll - accepts all certificates. - - RejectAll - rejects all certificates. - -* Method - the method to test. One of DTLS or TLS. - -* ServerName - the server the client should attempt to connect to. One of - - None - do not use SNI (default) - - server1 - the initial context - - server2 - the secondary context - - invalid - an unknown context - -* ServerNameCallback - the SNI switching callback to use - - None - no callback (default) - - IgnoreMismatch - continue the handshake on SNI mismatch - - RejectMismatch - abort the handshake on SNI mismatch - * SessionTicketExpected - whether or not a session ticket is expected - Ignore - do not check for a session ticket (default) - Yes - a session ticket is expected - No - a session ticket is not expected - - Broken - a special test case where the session ticket callback does not - initialize crypto - -* HandshakeMode - which handshake flavour to test: - - Simple - plain handshake (default) - - Resume - test resumption - - (Renegotiate - test renegotiation, not yet implemented) * ResumptionExpected - whether or not resumption is expected (Resume mode only) - Yes - resumed handshake - No - full handshake (default) -When HandshakeMode is Resume or Renegotiate, the original handshake is expected -to succeed. All configured test expectations are verified against the second handshake. - -* ServerNPNProtocols, Server2NPNProtocols, ClientNPNProtocols, ExpectedNPNProtocol, - ServerALPNProtocols, Server2ALPNProtocols, ClientALPNProtocols, ExpectedALPNProtocol - - NPN and ALPN settings. Server and client protocols can be specified as a comma-separated list, - and a callback with the recommended behaviour will be installed automatically. +* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations. ## Configuring the client and server @@ -132,6 +115,52 @@ The following sections may optionally be defined: whenever HandshakeMode is Resume. If the resume_client section is not present, then the configuration matches client. +### Configuring callbacks and additional options + +Additional handshake settings can be configured in the `extra` section of each +client and server: + +``` +client => { + "CipherString" => "DEFAULT", + extra => { + "ServerName" => "server2", + } +} +``` + +#### Supported client-side options + +* ClientVerifyCallback - the client's custom certificate verify callback. + Used to test callback behaviour. One of + - None - no custom callback (default) + - AcceptAll - accepts all certificates. + - RejectAll - rejects all certificates. + +* ServerName - the server the client should attempt to connect to. One of + - None - do not use SNI (default) + - server1 - the initial context + - server2 - the secondary context + - invalid - an unknown context + +#### Supported server-side options + +* ServerNameCallback - the SNI switching callback to use + - None - no callback (default) + - IgnoreMismatch - continue the handshake on SNI mismatch + - RejectMismatch - abort the handshake on SNI mismatch + +* BrokenSessionTicket - a special test case where the session ticket callback + does not initialize crypto. + - No (default) + - Yes + +#### Mutually supported options + +* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client + protocols can be specified as a comma-separated list, and a callback with the + recommended behaviour will be installed automatically. + ### Default server and client configurations The default server certificate and CA files are added to the configurations diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index f103e8efb5..fd785b7bc6 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -46,7 +46,8 @@ sub print_templates { if (defined $test->{"server2"}) { $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) }; } else { - if (defined $test->{"test"}->{"ServerNameCallback"}) { + if ($test->{"server"}->{"extra"} && + defined $test->{"server"}->{"extra"}->{"ServerNameCallback"}) { # Default is the same as server. $test->{"reuse_server2"} = 1; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index c7023fe0f2..0da8c544ea 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -269,7 +269,7 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, */ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, - const SSL_TEST_CTX *test_ctx, + const SSL_TEST_EXTRA_CONF *extra, CTX_DATA *server_ctx_data, CTX_DATA *server2_ctx_data, CTX_DATA *client_ctx_data) @@ -277,7 +277,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, unsigned char *ticket_keys; size_t ticket_key_len; - switch (test_ctx->client_verify_callback) { + switch (extra->client.verify_callback) { case SSL_TEST_VERIFY_ACCEPT_ALL: SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, NULL); @@ -291,7 +291,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } /* link the two contexts for SNI purposes */ - switch (test_ctx->servername_callback) { + switch (extra->server.servername_callback) { case SSL_TEST_SERVERNAME_IGNORE_MISMATCH: SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb); SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); @@ -313,49 +313,49 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, do_not_call_session_ticket_cb); - if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) { + if (extra->server.broken_session_ticket) { SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb); } #ifndef OPENSSL_NO_NEXTPROTONEG - if (test_ctx->server_npn_protocols != NULL) { - parse_protos(test_ctx->server_npn_protocols, + if (extra->server.npn_protocols != NULL) { + parse_protos(extra->server.npn_protocols, &server_ctx_data->npn_protocols, &server_ctx_data->npn_protocols_len); SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb, server_ctx_data); } - if (test_ctx->server2_npn_protocols != NULL) { - parse_protos(test_ctx->server2_npn_protocols, + if (extra->server2.npn_protocols != NULL) { + parse_protos(extra->server2.npn_protocols, &server2_ctx_data->npn_protocols, &server2_ctx_data->npn_protocols_len); OPENSSL_assert(server2_ctx != NULL); SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb, server2_ctx_data); } - if (test_ctx->client_npn_protocols != NULL) { - parse_protos(test_ctx->client_npn_protocols, + if (extra->client.npn_protocols != NULL) { + parse_protos(extra->client.npn_protocols, &client_ctx_data->npn_protocols, &client_ctx_data->npn_protocols_len); SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb, client_ctx_data); } - if (test_ctx->server_alpn_protocols != NULL) { - parse_protos(test_ctx->server_alpn_protocols, + if (extra->server.alpn_protocols != NULL) { + parse_protos(extra->server.alpn_protocols, &server_ctx_data->alpn_protocols, &server_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data); } - if (test_ctx->server2_alpn_protocols != NULL) { + if (extra->server2.alpn_protocols != NULL) { OPENSSL_assert(server2_ctx != NULL); - parse_protos(test_ctx->server2_alpn_protocols, + parse_protos(extra->server2.alpn_protocols, &server2_ctx_data->alpn_protocols, &server2_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data); } - if (test_ctx->client_alpn_protocols != NULL) { + if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; size_t alpn_protos_len; - parse_protos(test_ctx->client_alpn_protocols, + parse_protos(extra->client.alpn_protocols, &alpn_protos, &alpn_protos_len); /* Reversed return value convention... */ OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, @@ -377,11 +377,11 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, /* Configure per-SSL callbacks and other properties. */ static void configure_handshake_ssl(SSL *server, SSL *client, - const SSL_TEST_CTX *test_ctx) + const SSL_TEST_EXTRA_CONF *extra) { - if (test_ctx->servername != SSL_TEST_SERVERNAME_NONE) + if (extra->client.servername != SSL_TEST_SERVERNAME_NONE) SSL_set_tlsext_host_name(client, - ssl_servername_name(test_ctx->servername)); + ssl_servername_name(extra->client.servername)); } @@ -518,7 +518,7 @@ static char *dup_str(const unsigned char *in, size_t len) static HANDSHAKE_RESULT *do_handshake_internal( SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, - const SSL_TEST_CTX *test_ctx, SSL_SESSION *session_in, + const SSL_TEST_EXTRA_CONF *extra, SSL_SESSION *session_in, SSL_SESSION **session_out) { SSL *server, *client; @@ -542,14 +542,14 @@ static HANDSHAKE_RESULT *do_handshake_internal( memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); memset(&client_ctx_data, 0, sizeof(client_ctx_data)); - configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, + configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, extra, &server_ctx_data, &server2_ctx_data, &client_ctx_data); server = SSL_new(server_ctx); client = SSL_new(client_ctx); OPENSSL_assert(server != NULL && client != NULL); - configure_handshake_ssl(server, client, test_ctx); + configure_handshake_ssl(server, client, extra); if (session_in != NULL) { /* In case we're testing resumption without tickets. */ OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in)); @@ -689,7 +689,7 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_SESSION *session = NULL; result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, - test_ctx, NULL, &session); + &test_ctx->extra, NULL, &session); if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE) goto end; @@ -703,7 +703,7 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, HANDSHAKE_RESULT_free(result); /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, - test_ctx, session, NULL); + &test_ctx->resume_extra, session, NULL); end: SSL_SESSION_free(session); return result; diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf index ab34e01378..6f2f6c4893 100644 --- a/test/ssl-tests/01-simple.conf +++ b/test/ssl-tests/01-simple.conf @@ -46,7 +46,7 @@ CipherString = DEFAULT VerifyMode = Peer [test-1] -ClientAlert = UnknownCA +ExpectedClientAlert = UnknownCA ExpectedResult = ClientFail diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in index e3a6330bde..45ddd61921 100644 --- a/test/ssl-tests/01-simple.conf.in +++ b/test/ssl-tests/01-simple.conf.in @@ -28,7 +28,7 @@ our @tests = ( }, test => { "ExpectedResult" => "ClientFail", - "ClientAlert" => "UnknownCA", + "ExpectedClientAlert" => "UnknownCA", }, }, ); diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index 1b9a41b43f..cb89dbc10a 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -894,8 +894,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -920,8 +920,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -946,8 +946,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -971,8 +971,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1024,8 +1024,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1051,8 +1051,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1078,8 +1078,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1104,8 +1104,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-28] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1131,8 +1131,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-29] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1158,8 +1158,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1185,8 +1185,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1211,8 +1211,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1390,8 +1390,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-39] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1416,8 +1416,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1442,8 +1442,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1467,8 +1467,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1520,8 +1520,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1547,8 +1547,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1574,8 +1574,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1600,8 +1600,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1627,8 +1627,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-48] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1654,8 +1654,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1681,8 +1681,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1707,8 +1707,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-51] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1734,8 +1734,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1761,8 +1761,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1787,8 +1787,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-54] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1889,8 +1889,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1915,8 +1915,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-59] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1941,8 +1941,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -1966,8 +1966,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2019,8 +2019,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-63] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2046,8 +2046,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-64] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2073,8 +2073,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-65] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2099,8 +2099,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-66] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2126,8 +2126,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-67] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2153,8 +2153,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-68] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2180,8 +2180,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-69] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2206,8 +2206,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-70] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2233,8 +2233,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-71] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2260,8 +2260,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-72] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2286,8 +2286,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-73] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2313,8 +2313,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-74] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2339,8 +2339,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-75] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2388,8 +2388,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-77] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2413,8 +2413,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-78] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2438,8 +2438,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-79] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2462,8 +2462,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-80] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2513,8 +2513,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-82] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2539,8 +2539,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-83] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2565,8 +2565,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-84] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2590,8 +2590,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-85] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2616,8 +2616,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-86] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2642,8 +2642,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-87] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2668,8 +2668,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-88] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2693,8 +2693,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-89] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2719,8 +2719,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-90] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2745,8 +2745,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-91] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2770,8 +2770,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-92] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2796,8 +2796,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-93] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2821,8 +2821,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-94] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -3377,8 +3377,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-115] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3404,8 +3404,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-116] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3431,8 +3431,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-117] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3457,8 +3457,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-118] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3512,8 +3512,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-120] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3540,8 +3540,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-121] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3568,8 +3568,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-122] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3595,8 +3595,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-123] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3623,8 +3623,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-124] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3651,8 +3651,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-125] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3679,8 +3679,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-126] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3706,8 +3706,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-127] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3892,8 +3892,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-134] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -3919,8 +3919,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-135] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -3946,8 +3946,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-136] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -3972,8 +3972,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-137] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4027,8 +4027,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-139] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -4055,8 +4055,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-140] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4083,8 +4083,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-141] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4110,8 +4110,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-142] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4138,8 +4138,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-143] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -4166,8 +4166,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-144] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4194,8 +4194,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-145] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4221,8 +4221,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-146] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4249,8 +4249,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-147] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4277,8 +4277,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-148] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4304,8 +4304,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-149] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4410,8 +4410,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-153] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -4437,8 +4437,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-154] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4464,8 +4464,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-155] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4490,8 +4490,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-156] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4545,8 +4545,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-158] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -4573,8 +4573,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-159] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4601,8 +4601,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-160] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4628,8 +4628,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-161] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4656,8 +4656,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-162] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -4684,8 +4684,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-163] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4712,8 +4712,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-164] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4739,8 +4739,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-165] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4767,8 +4767,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-166] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4795,8 +4795,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-167] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4822,8 +4822,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-168] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4850,8 +4850,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-169] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4877,8 +4877,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-170] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -4928,8 +4928,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-172] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -4954,8 +4954,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-173] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -4980,8 +4980,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-174] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5005,8 +5005,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-175] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5058,8 +5058,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-177] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5085,8 +5085,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-178] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -5112,8 +5112,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-179] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5138,8 +5138,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-180] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5165,8 +5165,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-181] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5192,8 +5192,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-182] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -5219,8 +5219,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-183] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5245,8 +5245,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-184] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5272,8 +5272,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-185] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -5299,8 +5299,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-186] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5325,8 +5325,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-187] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5352,8 +5352,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-188] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5378,8 +5378,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-189] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -5431,8 +5431,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-191] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5458,8 +5458,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-192] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5485,8 +5485,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-193] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5511,8 +5511,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-194] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5566,8 +5566,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-196] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5594,8 +5594,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-197] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5622,8 +5622,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-198] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5649,8 +5649,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-199] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5677,8 +5677,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-200] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5705,8 +5705,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-201] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5733,8 +5733,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-202] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5760,8 +5760,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-203] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5946,8 +5946,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-210] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -5973,8 +5973,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-211] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6000,8 +6000,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-212] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6026,8 +6026,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-213] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6081,8 +6081,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-215] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -6109,8 +6109,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-216] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6137,8 +6137,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-217] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6164,8 +6164,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-218] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6192,8 +6192,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-219] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -6220,8 +6220,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-220] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6248,8 +6248,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-221] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6275,8 +6275,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-222] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6303,8 +6303,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-223] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6331,8 +6331,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-224] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6358,8 +6358,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-225] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6464,8 +6464,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-229] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -6491,8 +6491,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-230] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6518,8 +6518,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-231] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6544,8 +6544,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-232] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6599,8 +6599,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-234] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -6627,8 +6627,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-235] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6655,8 +6655,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-236] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6682,8 +6682,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-237] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6710,8 +6710,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-238] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -6738,8 +6738,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-239] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6766,8 +6766,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-240] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6793,8 +6793,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-241] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6821,8 +6821,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-242] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -6849,8 +6849,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-243] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6876,8 +6876,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-244] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6904,8 +6904,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-245] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6931,8 +6931,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-246] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -6982,8 +6982,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-248] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -7008,8 +7008,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-249] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7034,8 +7034,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-250] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7059,8 +7059,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-251] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7112,8 +7112,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-253] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -7139,8 +7139,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-254] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7166,8 +7166,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-255] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7192,8 +7192,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-256] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7219,8 +7219,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-257] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -7246,8 +7246,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-258] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7273,8 +7273,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-259] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7299,8 +7299,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-260] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7326,8 +7326,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-261] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7353,8 +7353,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-262] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7379,8 +7379,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-263] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7406,8 +7406,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-264] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7432,8 +7432,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-265] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -7511,8 +7511,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-268] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7538,8 +7538,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-269] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7564,8 +7564,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-270] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7646,8 +7646,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-273] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7674,8 +7674,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-274] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7701,8 +7701,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-275] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7756,8 +7756,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-277] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7784,8 +7784,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-278] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7811,8 +7811,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-279] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7839,8 +7839,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-280] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7867,8 +7867,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-281] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -7894,8 +7894,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-282] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8026,8 +8026,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-287] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8053,8 +8053,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-288] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8079,8 +8079,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-289] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8161,8 +8161,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-292] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8189,8 +8189,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-293] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8216,8 +8216,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-294] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8271,8 +8271,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-296] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8299,8 +8299,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-297] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8326,8 +8326,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-298] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8354,8 +8354,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-299] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8382,8 +8382,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-300] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8409,8 +8409,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-301] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8437,8 +8437,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-302] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8464,8 +8464,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-303] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8540,8 +8540,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-306] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8566,8 +8566,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-307] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8591,8 +8591,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-308] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8670,8 +8670,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-311] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8697,8 +8697,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-312] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8723,8 +8723,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-313] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8776,8 +8776,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-315] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8803,8 +8803,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-316] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8829,8 +8829,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-317] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8856,8 +8856,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-318] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -8883,8 +8883,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-319] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8909,8 +8909,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-320] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8936,8 +8936,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-321] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -8962,8 +8962,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-322] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9067,8 +9067,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-326] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9093,8 +9093,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-327] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9202,8 +9202,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-331] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9229,8 +9229,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-332] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9311,8 +9311,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-335] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9338,8 +9338,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-336] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9393,8 +9393,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-338] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9420,8 +9420,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-339] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9448,8 +9448,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-340] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9475,8 +9475,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-341] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9576,8 +9576,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-345] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9601,8 +9601,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-346] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9706,8 +9706,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-350] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9732,8 +9732,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-351] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9811,8 +9811,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-354] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9837,8 +9837,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-355] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9890,8 +9890,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-357] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9916,8 +9916,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-358] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9943,8 +9943,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-359] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -9969,7 +9969,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-360] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 diff --git a/test/ssl-tests/03-custom_verify.conf b/test/ssl-tests/03-custom_verify.conf index 835ce91afd..8dca715e74 100644 --- a/test/ssl-tests/03-custom_verify.conf +++ b/test/ssl-tests/03-custom_verify.conf @@ -54,9 +54,12 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] -ClientAlert = HandshakeFailure -ClientVerifyCallback = RejectAll +ExpectedClientAlert = HandshakeFailure ExpectedResult = ClientFail +client = 1-verify-custom-reject-client-extra + +[1-verify-custom-reject-client-extra] +VerifyCallback = RejectAll # =========================================================== @@ -79,8 +82,11 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] -ClientVerifyCallback = AcceptAll ExpectedResult = Success +client = 2-verify-custom-allow-client-extra + +[2-verify-custom-allow-client-extra] +VerifyCallback = AcceptAll # =========================================================== @@ -122,8 +128,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem CipherString = DEFAULT [test-4] -ClientVerifyCallback = RejectAll ExpectedResult = Success +client = 4-noverify-ignore-custom-reject-client-extra + +[4-noverify-ignore-custom-reject-client-extra] +VerifyCallback = RejectAll # =========================================================== @@ -144,8 +153,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem CipherString = DEFAULT [test-5] -ClientVerifyCallback = AcceptAll ExpectedResult = Success +client = 5-noverify-accept-custom-allow-client-extra + +[5-noverify-accept-custom-allow-client-extra] +VerifyCallback = AcceptAll # =========================================================== @@ -167,7 +179,7 @@ CipherString = DEFAULT VerifyMode = Peer [test-6] -ClientAlert = UnknownCA +ExpectedClientAlert = UnknownCA ExpectedResult = ClientFail @@ -190,8 +202,11 @@ CipherString = DEFAULT VerifyMode = Peer [test-7] -ClientVerifyCallback = AcceptAll ExpectedResult = Success +client = 7-verify-custom-success-no-root-client-extra + +[7-verify-custom-success-no-root-client-extra] +VerifyCallback = AcceptAll # =========================================================== @@ -213,8 +228,11 @@ CipherString = DEFAULT VerifyMode = Peer [test-8] -ClientAlert = HandshakeFailure -ClientVerifyCallback = RejectAll +ExpectedClientAlert = HandshakeFailure ExpectedResult = ClientFail +client = 8-verify-custom-fail-no-root-client-extra + +[8-verify-custom-fail-no-root-client-extra] +VerifyCallback = RejectAll diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.conf.in index 1cd4273c7a..287ca9bc86 100644 --- a/test/ssl-tests/03-custom_verify.conf.in +++ b/test/ssl-tests/03-custom_verify.conf.in @@ -26,11 +26,14 @@ our @tests = ( { name => "verify-custom-reject", server => { }, - client => { }, + client => { + extra => { + "VerifyCallback" => "RejectAll", + }, + }, test => { - "ClientVerifyCallback" => "RejectAll", "ExpectedResult" => "ClientFail", - "ClientAlert" => "HandshakeFailure", + "ExpectedClientAlert" => "HandshakeFailure", }, }, @@ -38,9 +41,12 @@ our @tests = ( { name => "verify-custom-allow", server => { }, - client => { }, + client => { + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, test => { - "ClientVerifyCallback" => "AcceptAll", "ExpectedResult" => "Success", }, }, @@ -65,9 +71,11 @@ our @tests = ( client => { "VerifyMode" => undef, "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, }, test => { - "ClientVerifyCallback" => "RejectAll", "ExpectedResult" => "Success", }, }, @@ -80,9 +88,11 @@ our @tests = ( client => { "VerifyMode" => undef, "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, }, test => { - "ClientVerifyCallback" => "AcceptAll", "ExpectedResult" => "Success", }, }, @@ -98,7 +108,7 @@ our @tests = ( }, test => { "ExpectedResult" => "ClientFail", - "ClientAlert" => "UnknownCA", + "ExpectedClientAlert" => "UnknownCA", }, }, @@ -108,9 +118,11 @@ our @tests = ( server => { }, client => { "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, }, test => { - "ClientVerifyCallback" => "AcceptAll", "ExpectedResult" => "Success" }, }, @@ -121,14 +133,13 @@ our @tests = ( server => { }, client => { "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, }, test => { - "ClientVerifyCallback" => "RejectAll", "ExpectedResult" => "ClientFail", - "ClientAlert" => "HandshakeFailure", + "ExpectedClientAlert" => "HandshakeFailure", }, }, - - - ); diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index 04bb2345b9..0e91bed9f1 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -92,7 +92,7 @@ VerifyMode = Peer [test-2] ExpectedResult = ServerFail -ServerAlert = HandshakeFailure +ExpectedServerAlert = HandshakeFailure # =========================================================== @@ -146,7 +146,7 @@ VerifyMode = Peer [test-4] ExpectedResult = ServerFail -ServerAlert = UnknownCA +ExpectedServerAlert = UnknownCA # =========================================================== @@ -231,7 +231,7 @@ VerifyMode = Peer [test-7] ExpectedResult = ServerFail -ServerAlert = HandshakeFailure +ExpectedServerAlert = HandshakeFailure # =========================================================== @@ -293,7 +293,7 @@ VerifyMode = Peer [test-9] ExpectedResult = ServerFail -ServerAlert = UnknownCA +ExpectedServerAlert = UnknownCA # =========================================================== @@ -378,7 +378,7 @@ VerifyMode = Peer [test-12] ExpectedResult = ServerFail -ServerAlert = HandshakeFailure +ExpectedServerAlert = HandshakeFailure # =========================================================== @@ -440,7 +440,7 @@ VerifyMode = Peer [test-14] ExpectedResult = ServerFail -ServerAlert = UnknownCA +ExpectedServerAlert = UnknownCA # =========================================================== @@ -525,7 +525,7 @@ VerifyMode = Peer [test-17] ExpectedResult = ServerFail -ServerAlert = HandshakeFailure +ExpectedServerAlert = HandshakeFailure # =========================================================== @@ -587,6 +587,6 @@ VerifyMode = Peer [test-19] ExpectedResult = ServerFail -ServerAlert = UnknownCA +ExpectedServerAlert = UnknownCA diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index 495db02c5f..cd3d42f416 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -77,7 +77,7 @@ sub generate_tests() { }, test => { "ExpectedResult" => "ServerFail", - "ServerAlert" => "HandshakeFailure", + "ExpectedServerAlert" => "HandshakeFailure", }, }; @@ -115,7 +115,7 @@ sub generate_tests() { }, test => { "ExpectedResult" => "ServerFail", - "ServerAlert" => $caalert, + "ExpectedServerAlert" => $caalert, }, }; } diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf index 3fbb169e82..e1fb3d9d89 100644 --- a/test/ssl-tests/05-sni.conf +++ b/test/ssl-tests/05-sni.conf @@ -31,9 +31,16 @@ VerifyMode = Peer [test-0] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 +server = 0-SNI-switch-context-server-extra +server2 = 0-SNI-switch-context-server-extra +client = 0-SNI-switch-context-client-extra + +[0-SNI-switch-context-server-extra] ServerNameCallback = IgnoreMismatch +[0-SNI-switch-context-client-extra] +ServerName = server2 + # =========================================================== @@ -58,9 +65,16 @@ VerifyMode = Peer [test-1] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 +server = 1-SNI-keep-context-server-extra +server2 = 1-SNI-keep-context-server-extra +client = 1-SNI-keep-context-client-extra + +[1-SNI-keep-context-server-extra] ServerNameCallback = IgnoreMismatch +[1-SNI-keep-context-client-extra] +ServerName = server1 + # =========================================================== @@ -83,6 +97,9 @@ VerifyMode = Peer [test-2] ExpectedResult = Success +client = 2-SNI-no-server-support-client-extra + +[2-SNI-no-server-support-client-extra] ServerName = server1 @@ -109,6 +126,10 @@ VerifyMode = Peer [test-3] ExpectedResult = Success ExpectedServerName = server1 +server = 3-SNI-no-client-support-server-extra +server2 = 3-SNI-no-client-support-server-extra + +[3-SNI-no-client-support-server-extra] ServerNameCallback = IgnoreMismatch @@ -135,9 +156,16 @@ VerifyMode = Peer [test-4] ExpectedResult = Success ExpectedServerName = server1 -ServerName = invalid +server = 4-SNI-bad-sni-ignore-mismatch-server-extra +server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra +client = 4-SNI-bad-sni-ignore-mismatch-client-extra + +[4-SNI-bad-sni-ignore-mismatch-server-extra] ServerNameCallback = IgnoreMismatch +[4-SNI-bad-sni-ignore-mismatch-client-extra] +ServerName = invalid + # =========================================================== @@ -161,8 +189,15 @@ VerifyMode = Peer [test-5] ExpectedResult = ServerFail -ServerAlert = UnrecognizedName -ServerName = invalid +ExpectedServerAlert = UnrecognizedName +server = 5-SNI-bad-sni-reject-mismatch-server-extra +server2 = 5-SNI-bad-sni-reject-mismatch-server-extra +client = 5-SNI-bad-sni-reject-mismatch-client-extra + +[5-SNI-bad-sni-reject-mismatch-server-extra] ServerNameCallback = RejectMismatch +[5-SNI-bad-sni-reject-mismatch-client-extra] +ServerName = invalid + diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in index 0a8378e7a0..76003e7623 100644 --- a/test/ssl-tests/05-sni.conf.in +++ b/test/ssl-tests/05-sni.conf.in @@ -17,58 +17,96 @@ package ssltests; our @tests = ( { name => "SNI-switch-context", - server => { }, - client => { }, - test => { "ServerName" => "server2", - "ExpectedServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", - "ExpectedResult" => "Success" }, + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedServerName" => "server2", + "ExpectedResult" => "Success" + }, }, { name => "SNI-keep-context", - server => { }, - client => { }, - test => { "ServerName" => "server1", - "ExpectedServerName" => "server1", - "ServerNameCallback" => "IgnoreMismatch", - "ExpectedResult" => "Success" }, + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, }, { name => "SNI-no-server-support", server => { }, - client => { }, - test => { "ServerName" => "server1", - "ExpectedResult" => "Success" }, + client => { + extra => { + "ServerName" => "server1", + }, + }, + test => { "ExpectedResult" => "Success" }, }, { name => "SNI-no-client-support", - server => { }, + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, client => { }, test => { # We expect that the callback is still called # to let the application decide whether they tolerate # missing SNI (as our test callback does). "ExpectedServerName" => "server1", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedResult" => "Success" }, }, { name => "SNI-bad-sni-ignore-mismatch", - server => { }, - client => { }, - test => { "ServerName" => "invalid", - "ExpectedServerName" => "server1", - "ServerNameCallback" => "IgnoreMismatch", - "ExpectedResult" => "Success" }, + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, }, { name => "SNI-bad-sni-reject-mismatch", - server => { }, - client => { }, - test => { "ServerName" => "invalid", - "ServerNameCallback" => "RejectMismatch", - "ExpectedResult" => "ServerFail", - "ServerAlert" => "UnrecognizedName"}, + server => { + extra => { + "ServerNameCallback" => "RejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, }, ); diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.conf index 1d8d604d10..9620e015a1 100644 --- a/test/ssl-tests/06-sni-ticket.conf +++ b/test/ssl-tests/06-sni-ticket.conf @@ -49,8 +49,15 @@ VerifyMode = Peer [test-0] ExpectedResult = Success +SessionTicketExpected = No +server = 0-sni-session-ticket-server-extra +client = 0-sni-session-ticket-client-extra + +[0-sni-session-ticket-server-extra] +BrokenSessionTicket = Yes + +[0-sni-session-ticket-client-extra] ServerName = server1 -SessionTicketExpected = Broken # =========================================================== @@ -84,9 +91,15 @@ VerifyMode = Peer [test-1] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = Yes +server = 1-sni-session-ticket-server-extra +client = 1-sni-session-ticket-client-extra + +[1-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[1-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -120,9 +133,15 @@ VerifyMode = Peer [test-2] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = Yes +server = 2-sni-session-ticket-server-extra +client = 2-sni-session-ticket-client-extra + +[2-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[2-sni-session-ticket-client-extra] +ServerName = server2 # =========================================================== @@ -156,9 +175,15 @@ VerifyMode = Peer [test-3] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = Yes +server = 3-sni-session-ticket-server-extra +client = 3-sni-session-ticket-client-extra + +[3-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[3-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -192,9 +217,15 @@ VerifyMode = Peer [test-4] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 4-sni-session-ticket-server-extra +client = 4-sni-session-ticket-client-extra + +[4-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[4-sni-session-ticket-client-extra] +ServerName = server2 # =========================================================== @@ -228,9 +259,15 @@ VerifyMode = Peer [test-5] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 5-sni-session-ticket-server-extra +client = 5-sni-session-ticket-client-extra + +[5-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[5-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -264,9 +301,15 @@ VerifyMode = Peer [test-6] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 6-sni-session-ticket-server-extra +client = 6-sni-session-ticket-client-extra + +[6-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[6-sni-session-ticket-client-extra] +ServerName = server2 # =========================================================== @@ -300,9 +343,15 @@ VerifyMode = Peer [test-7] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 7-sni-session-ticket-server-extra +client = 7-sni-session-ticket-client-extra + +[7-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[7-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -336,9 +385,15 @@ VerifyMode = Peer [test-8] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 8-sni-session-ticket-server-extra +client = 8-sni-session-ticket-client-extra + +[8-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[8-sni-session-ticket-client-extra] +ServerName = server2 # =========================================================== @@ -372,9 +427,15 @@ VerifyMode = Peer [test-9] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 9-sni-session-ticket-server-extra +client = 9-sni-session-ticket-client-extra + +[9-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[9-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -408,9 +469,15 @@ VerifyMode = Peer [test-10] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 10-sni-session-ticket-server-extra +client = 10-sni-session-ticket-client-extra + +[10-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[10-sni-session-ticket-client-extra] +ServerName = server2 # =========================================================== @@ -444,9 +511,15 @@ VerifyMode = Peer [test-11] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 11-sni-session-ticket-server-extra +client = 11-sni-session-ticket-client-extra + +[11-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[11-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -480,9 +553,15 @@ VerifyMode = Peer [test-12] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 12-sni-session-ticket-server-extra +client = 12-sni-session-ticket-client-extra + +[12-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[12-sni-session-ticket-client-extra] +ServerName = server2 # =========================================================== @@ -516,9 +595,15 @@ VerifyMode = Peer [test-13] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 13-sni-session-ticket-server-extra +client = 13-sni-session-ticket-client-extra + +[13-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[13-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -552,9 +637,15 @@ VerifyMode = Peer [test-14] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 14-sni-session-ticket-server-extra +client = 14-sni-session-ticket-client-extra + +[14-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[14-sni-session-ticket-client-extra] +ServerName = server2 # =========================================================== @@ -588,9 +679,15 @@ VerifyMode = Peer [test-15] ExpectedResult = Success ExpectedServerName = server1 -ServerName = server1 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 15-sni-session-ticket-server-extra +client = 15-sni-session-ticket-client-extra + +[15-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[15-sni-session-ticket-client-extra] +ServerName = server1 # =========================================================== @@ -624,8 +721,14 @@ VerifyMode = Peer [test-16] ExpectedResult = Success ExpectedServerName = server2 -ServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = No +server = 16-sni-session-ticket-server-extra +client = 16-sni-session-ticket-client-extra + +[16-sni-session-ticket-server-extra] +ServerNameCallback = IgnoreMismatch + +[16-sni-session-ticket-client-extra] +ServerName = server2 diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.conf.in index 8c95827a52..ccb9cbdb7b 100644 --- a/test/ssl-tests/06-sni-ticket.conf.in +++ b/test/ssl-tests/06-sni-ticket.conf.in @@ -27,18 +27,22 @@ sub generate_tests() { "name" => "sni-session-ticket", "client" => { "Options" => $c, + "extra" => { + "ServerName" => $n, + }, }, "server" => { "Options" => $s1, + "extra" => { + # We don't test mismatch here. + "ServerNameCallback" => "IgnoreMismatch", + }, }, "server2" => { "Options" => $s2, }, "test" => { - "ServerName" => $n, "ExpectedServerName" => $n, - # We don't test mismatch here. - "ServerNameCallback" => "IgnoreMismatch", "ExpectedResult" => "Success", "SessionTicketExpected" => $result, } @@ -69,17 +73,22 @@ push @tests, { "name" => "sni-session-ticket", "client" => { "Options" => "SessionTicket", + "extra" => { + "ServerName" => "server1", + } }, "server" => { "Options" => "SessionTicket", + "extra" => { + "BrokenSessionTicket" => "Yes", + }, }, "server2" => { "Options" => "SessionTicket", }, "test" => { - "ServerName" => "server1", "ExpectedResult" => "Success", - "SessionTicketExpected" => "Broken", + "SessionTicketExpected" => "No", } }; diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf index df7e4df84a..3304a3bbaa 100644 --- a/test/ssl-tests/07-dtls-protocol-version.conf +++ b/test/ssl-tests/07-dtls-protocol-version.conf @@ -88,9 +88,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -115,9 +115,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -141,9 +141,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -169,9 +169,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -197,9 +197,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -224,9 +224,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -304,9 +304,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -331,9 +331,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -357,9 +357,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -385,9 +385,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -413,9 +413,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -440,9 +440,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -468,9 +468,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -495,9 +495,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -521,9 +521,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -547,9 +547,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -572,9 +572,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -599,9 +599,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -626,9 +626,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -652,9 +652,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -679,9 +679,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -705,9 +705,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -733,9 +733,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-24] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -761,9 +761,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -788,9 +788,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -817,9 +817,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -846,9 +846,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-28] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -874,9 +874,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-29] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -957,9 +957,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -985,9 +985,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1012,9 +1012,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1041,9 +1041,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -1070,9 +1070,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-36] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1098,9 +1098,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-37] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1127,9 +1127,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-38] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1155,9 +1155,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-39] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1182,9 +1182,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -1209,9 +1209,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1235,9 +1235,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1263,9 +1263,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-43] +ExpectedProtocol = DTLSv1 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1 # =========================================================== @@ -1291,9 +1291,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1318,9 +1318,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1346,9 +1346,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1373,9 +1373,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1428,9 +1428,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1455,9 +1455,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1512,9 +1512,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1540,9 +1540,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1569,9 +1569,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-54] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1597,9 +1597,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-55] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1650,9 +1650,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-57] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1676,9 +1676,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1731,9 +1731,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1758,9 +1758,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1786,9 +1786,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-62] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 # =========================================================== @@ -1813,8 +1813,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-63] +ExpectedProtocol = DTLSv1.2 ExpectedResult = Success Method = DTLS -Protocol = DTLSv1.2 diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf index 959b489295..97d1d9fe69 100644 --- a/test/ssl-tests/08-npn.conf +++ b/test/ssl-tests/08-npn.conf @@ -34,9 +34,15 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] -ClientNPNProtocols = foo ExpectedNPNProtocol = foo -ServerNPNProtocols = foo +server = 0-npn-simple-server-extra +client = 0-npn-simple-client-extra + +[0-npn-simple-server-extra] +NPNProtocols = foo + +[0-npn-simple-client-extra] +NPNProtocols = foo # =========================================================== @@ -59,9 +65,15 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] -ClientNPNProtocols = foo,bar ExpectedNPNProtocol = bar -ServerNPNProtocols = baz,bar +server = 1-npn-client-finds-match-server-extra +client = 1-npn-client-finds-match-client-extra + +[1-npn-client-finds-match-server-extra] +NPNProtocols = baz,bar + +[1-npn-client-finds-match-client-extra] +NPNProtocols = foo,bar # =========================================================== @@ -84,9 +96,15 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] -ClientNPNProtocols = foo,bar ExpectedNPNProtocol = bar -ServerNPNProtocols = bar,foo +server = 2-npn-client-honours-server-pref-server-extra +client = 2-npn-client-honours-server-pref-client-extra + +[2-npn-client-honours-server-pref-server-extra] +NPNProtocols = bar,foo + +[2-npn-client-honours-server-pref-client-extra] +NPNProtocols = foo,bar # =========================================================== @@ -109,9 +127,15 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] -ClientNPNProtocols = foo,bar ExpectedNPNProtocol = foo -ServerNPNProtocols = baz +server = 3-npn-client-first-pref-on-mismatch-server-extra +client = 3-npn-client-first-pref-on-mismatch-client-extra + +[3-npn-client-first-pref-on-mismatch-server-extra] +NPNProtocols = baz + +[3-npn-client-first-pref-on-mismatch-client-extra] +NPNProtocols = foo,bar # =========================================================== @@ -134,7 +158,10 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] -ClientNPNProtocols = foo +client = 4-npn-no-server-support-client-extra + +[4-npn-no-server-support-client-extra] +NPNProtocols = foo # =========================================================== @@ -157,7 +184,10 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] -ServerNPNProtocols = foo +server = 5-npn-no-client-support-server-extra + +[5-npn-no-client-support-server-extra] +NPNProtocols = foo # =========================================================== @@ -186,14 +216,23 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ClientNPNProtocols = foo,bar ExpectedNPNProtocol = foo ExpectedServerName = server1 -Server2NPNProtocols = bar -ServerNPNProtocols = foo -ServerName = server1 +server = 6-npn-with-sni-no-context-switch-server-extra +server2 = 6-npn-with-sni-no-context-switch-server2-extra +client = 6-npn-with-sni-no-context-switch-client-extra + +[6-npn-with-sni-no-context-switch-server-extra] +NPNProtocols = foo ServerNameCallback = IgnoreMismatch +[6-npn-with-sni-no-context-switch-server2-extra] +NPNProtocols = bar + +[6-npn-with-sni-no-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server1 + # =========================================================== @@ -221,14 +260,23 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ClientNPNProtocols = foo,bar ExpectedNPNProtocol = bar ExpectedServerName = server2 -Server2NPNProtocols = bar -ServerNPNProtocols = foo -ServerName = server2 +server = 7-npn-with-sni-context-switch-server-extra +server2 = 7-npn-with-sni-context-switch-server2-extra +client = 7-npn-with-sni-context-switch-client-extra + +[7-npn-with-sni-context-switch-server-extra] +NPNProtocols = foo ServerNameCallback = IgnoreMismatch +[7-npn-with-sni-context-switch-server2-extra] +NPNProtocols = bar + +[7-npn-with-sni-context-switch-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + # =========================================================== @@ -256,13 +304,22 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ClientNPNProtocols = foo,bar ExpectedNPNProtocol = bar ExpectedServerName = server2 -Server2NPNProtocols = bar -ServerName = server2 +server = 8-npn-selected-sni-server-supports-npn-server-extra +server2 = 8-npn-selected-sni-server-supports-npn-server2-extra +client = 8-npn-selected-sni-server-supports-npn-client-extra + +[8-npn-selected-sni-server-supports-npn-server-extra] ServerNameCallback = IgnoreMismatch +[8-npn-selected-sni-server-supports-npn-server2-extra] +NPNProtocols = bar + +[8-npn-selected-sni-server-supports-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + # =========================================================== @@ -290,12 +347,18 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ClientNPNProtocols = foo,bar ExpectedServerName = server2 -ServerNPNProtocols = foo -ServerName = server2 +server = 9-npn-selected-sni-server-does-not-support-npn-server-extra +client = 9-npn-selected-sni-server-does-not-support-npn-client-extra + +[9-npn-selected-sni-server-does-not-support-npn-server-extra] +NPNProtocols = bar ServerNameCallback = IgnoreMismatch +[9-npn-selected-sni-server-does-not-support-npn-client-extra] +NPNProtocols = foo,bar +ServerName = server2 + # =========================================================== @@ -317,11 +380,17 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ClientALPNProtocols = foo -ClientNPNProtocols = bar ExpectedALPNProtocol = foo -ServerALPNProtocols = foo -ServerNPNProtocols = bar +server = 10-alpn-preferred-over-npn-server-extra +client = 10-alpn-preferred-over-npn-client-extra + +[10-alpn-preferred-over-npn-server-extra] +ALPNProtocols = foo +NPNProtocols = bar + +[10-alpn-preferred-over-npn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar # =========================================================== @@ -350,13 +419,22 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] -ClientALPNProtocols = foo -ClientNPNProtocols = bar ExpectedNPNProtocol = bar ExpectedServerName = server2 -Server2NPNProtocols = bar -ServerALPNProtocols = foo -ServerName = server2 +server = 11-sni-npn-preferred-over-alpn-server-extra +server2 = 11-sni-npn-preferred-over-alpn-server2-extra +client = 11-sni-npn-preferred-over-alpn-client-extra + +[11-sni-npn-preferred-over-alpn-server-extra] +ALPNProtocols = foo ServerNameCallback = IgnoreMismatch +[11-sni-npn-preferred-over-alpn-server2-extra] +NPNProtocols = bar + +[11-sni-npn-preferred-over-alpn-client-extra] +ALPNProtocols = foo +NPNProtocols = bar +ServerName = server2 + diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in index 9b0dcba999..56ccaea1f0 100644 --- a/test/ssl-tests/08-npn.conf.in +++ b/test/ssl-tests/08-npn.conf.in @@ -18,148 +18,226 @@ package ssltests; our @tests = ( { name => "npn-simple", - server => { }, - client => { }, + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, test => { - "ClientNPNProtocols" => "foo", - "ServerNPNProtocols" => "foo", "ExpectedNPNProtocol" => "foo", }, }, { name => "npn-client-finds-match", - server => { }, - client => { }, + server => { + extra => { + "NPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, test => { - "ClientNPNProtocols" => "foo,bar", - "ServerNPNProtocols" => "baz,bar", "ExpectedNPNProtocol" => "bar", }, }, { name => "npn-client-honours-server-pref", - server => { }, - client => { }, + server => { + extra => { + "NPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, test => { - "ClientNPNProtocols" => "foo,bar", - "ServerNPNProtocols" => "bar,foo", "ExpectedNPNProtocol" => "bar", }, }, { name => "npn-client-first-pref-on-mismatch", - server => { }, - client => { }, + server => { + extra => { + "NPNProtocols" => "baz", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + }, + }, test => { - "ClientNPNProtocols" => "foo,bar", - "ServerNPNProtocols" => "baz", "ExpectedNPNProtocol" => "foo", }, }, { name => "npn-no-server-support", server => { }, - client => { }, + client => { + extra => { + "NPNProtocols" => "foo", + }, + }, test => { - "ClientNPNProtocols" => "foo", "ExpectedNPNProtocol" => undef, }, }, { name => "npn-no-client-support", - server => { }, + server => { + extra => { + "NPNProtocols" => "foo", + }, + }, client => { }, test => { - "ServerNPNProtocols" => "foo", "ExpectedNPNProtocol" => undef, }, }, { name => "npn-with-sni-no-context-switch", - server => { }, - server2 => { }, - client => { }, + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, test => { - "ClientNPNProtocols" => "foo,bar", - "ServerNPNProtocols" => "foo", - "Server2NPNProtocols" => "bar", - "ServerName" => "server1", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server1", "ExpectedNPNProtocol" => "foo", }, }, { name => "npn-with-sni-context-switch", - server => { }, - server2 => { }, - client => { }, + server => { + extra => { + "NPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, test => { - "ClientNPNProtocols" => "foo,bar", - "ServerNPNProtocols" => "foo", - "Server2NPNProtocols" => "bar", - "ServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server2", "ExpectedNPNProtocol" => "bar", }, }, { name => "npn-selected-sni-server-supports-npn", - server => { }, - server2 => { }, - client => { }, + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, test => { - "ClientNPNProtocols" => "foo,bar", - "Server2NPNProtocols" => "bar", - "ServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server2", "ExpectedNPNProtocol" => "bar", }, }, { name => "npn-selected-sni-server-does-not-support-npn", - server => { }, + server => { + extra => { + "NPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, server2 => { }, - client => { }, + client => { + extra => { + "NPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, test => { - "ClientNPNProtocols" => "foo,bar", - "ServerNPNProtocols" => "foo", - "ServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server2", "ExpectedNPNProtocol" => undef, }, }, { name => "alpn-preferred-over-npn", - server => { }, - client => { }, + server => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, test => { - "ClientALPNProtocols" => "foo", - "ClientNPNProtocols" => "bar", - "ServerALPNProtocols" => "foo", - "ServerNPNProtocols" => "bar", "ExpectedALPNProtocol" => "foo", "ExpectedNPNProtocol" => undef, }, }, { name => "sni-npn-preferred-over-alpn", - server => { }, - server2 => { }, - client => { }, + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + "ALPNProtocols" => "foo", + }, + }, + server2 => { + extra => { + "NPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ServerName" => "server2", + "ALPNProtocols" => "foo", + "NPNProtocols" => "bar", + }, + }, test => { - "ClientALPNProtocols" => "foo", - "ClientNPNProtocols" => "bar", - "ServerALPNProtocols" => "foo", - "Server2NPNProtocols" => "bar", - "ServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", - "ExpectedServerName" => "server2", "ExpectedALPNProtocol" => undef, "ExpectedNPNProtocol" => "bar", + "ExpectedServerName" => "server2", }, }, ); diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf index 10ddc6036b..58ddff3ab9 100644 --- a/test/ssl-tests/09-alpn.conf +++ b/test/ssl-tests/09-alpn.conf @@ -3,8 +3,8 @@ num_tests = 10 test-0 = 0-alpn-simple -test-1 = 1-alpn-client-finds-match -test-2 = 2-alpn-client-honours-server-pref +test-1 = 1-alpn-server-finds-match +test-2 = 2-alpn-server-honours-server-pref test-3 = 3-alpn-alert-on-mismatch test-4 = 4-alpn-no-server-support test-5 = 5-alpn-no-client-support @@ -32,59 +32,77 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] -ClientALPNProtocols = foo ExpectedALPNProtocol = foo -ServerALPNProtocols = foo +server = 0-alpn-simple-server-extra +client = 0-alpn-simple-client-extra + +[0-alpn-simple-server-extra] +ALPNProtocols = foo + +[0-alpn-simple-client-extra] +ALPNProtocols = foo # =========================================================== -[1-alpn-client-finds-match] -ssl_conf = 1-alpn-client-finds-match-ssl +[1-alpn-server-finds-match] +ssl_conf = 1-alpn-server-finds-match-ssl -[1-alpn-client-finds-match-ssl] -server = 1-alpn-client-finds-match-server -client = 1-alpn-client-finds-match-client +[1-alpn-server-finds-match-ssl] +server = 1-alpn-server-finds-match-server +client = 1-alpn-server-finds-match-client -[1-alpn-client-finds-match-server] +[1-alpn-server-finds-match-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-alpn-client-finds-match-client] +[1-alpn-server-finds-match-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar -ServerALPNProtocols = baz,bar +server = 1-alpn-server-finds-match-server-extra +client = 1-alpn-server-finds-match-client-extra + +[1-alpn-server-finds-match-server-extra] +ALPNProtocols = baz,bar + +[1-alpn-server-finds-match-client-extra] +ALPNProtocols = foo,bar # =========================================================== -[2-alpn-client-honours-server-pref] -ssl_conf = 2-alpn-client-honours-server-pref-ssl +[2-alpn-server-honours-server-pref] +ssl_conf = 2-alpn-server-honours-server-pref-ssl -[2-alpn-client-honours-server-pref-ssl] -server = 2-alpn-client-honours-server-pref-server -client = 2-alpn-client-honours-server-pref-client +[2-alpn-server-honours-server-pref-ssl] +server = 2-alpn-server-honours-server-pref-server +client = 2-alpn-server-honours-server-pref-client -[2-alpn-client-honours-server-pref-server] +[2-alpn-server-honours-server-pref-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[2-alpn-client-honours-server-pref-client] +[2-alpn-server-honours-server-pref-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar -ServerALPNProtocols = bar,foo +server = 2-alpn-server-honours-server-pref-server-extra +client = 2-alpn-server-honours-server-pref-client-extra + +[2-alpn-server-honours-server-pref-server-extra] +ALPNProtocols = bar,foo + +[2-alpn-server-honours-server-pref-client-extra] +ALPNProtocols = foo,bar # =========================================================== @@ -107,10 +125,16 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] -ClientALPNProtocols = foo,bar ExpectedResult = ServerFail -ServerALPNProtocols = baz -ServerAlert = NoApplicationProtocol +ExpectedServerAlert = NoApplicationProtocol +server = 3-alpn-alert-on-mismatch-server-extra +client = 3-alpn-alert-on-mismatch-client-extra + +[3-alpn-alert-on-mismatch-server-extra] +ALPNProtocols = baz + +[3-alpn-alert-on-mismatch-client-extra] +ALPNProtocols = foo,bar # =========================================================== @@ -133,7 +157,10 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] -ClientALPNProtocols = foo +client = 4-alpn-no-server-support-client-extra + +[4-alpn-no-server-support-client-extra] +ALPNProtocols = foo # =========================================================== @@ -156,7 +183,10 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] -ServerALPNProtocols = foo +server = 5-alpn-no-client-support-server-extra + +[5-alpn-no-client-support-server-extra] +ALPNProtocols = foo # =========================================================== @@ -185,14 +215,23 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = foo ExpectedServerName = server1 -Server2ALPNProtocols = bar -ServerALPNProtocols = foo -ServerName = server1 +server = 6-alpn-with-sni-no-context-switch-server-extra +server2 = 6-alpn-with-sni-no-context-switch-server2-extra +client = 6-alpn-with-sni-no-context-switch-client-extra + +[6-alpn-with-sni-no-context-switch-server-extra] +ALPNProtocols = foo ServerNameCallback = IgnoreMismatch +[6-alpn-with-sni-no-context-switch-server2-extra] +ALPNProtocols = bar + +[6-alpn-with-sni-no-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server1 + # =========================================================== @@ -220,14 +259,23 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar ExpectedServerName = server2 -Server2ALPNProtocols = bar -ServerALPNProtocols = foo -ServerName = server2 +server = 7-alpn-with-sni-context-switch-server-extra +server2 = 7-alpn-with-sni-context-switch-server2-extra +client = 7-alpn-with-sni-context-switch-client-extra + +[7-alpn-with-sni-context-switch-server-extra] +ALPNProtocols = foo ServerNameCallback = IgnoreMismatch +[7-alpn-with-sni-context-switch-server2-extra] +ALPNProtocols = bar + +[7-alpn-with-sni-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + # =========================================================== @@ -255,13 +303,22 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar ExpectedServerName = server2 -Server2ALPNProtocols = bar -ServerName = server2 +server = 8-alpn-selected-sni-server-supports-alpn-server-extra +server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra +client = 8-alpn-selected-sni-server-supports-alpn-client-extra + +[8-alpn-selected-sni-server-supports-alpn-server-extra] ServerNameCallback = IgnoreMismatch +[8-alpn-selected-sni-server-supports-alpn-server2-extra] +ALPNProtocols = bar + +[8-alpn-selected-sni-server-supports-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + # =========================================================== @@ -289,10 +346,16 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ClientALPNProtocols = foo,bar ExpectedServerName = server2 -ServerALPNProtocols = foo -ServerName = server2 +server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra +client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra + +[9-alpn-selected-sni-server-does-not-support-alpn-server-extra] +ALPNProtocols = bar ServerNameCallback = IgnoreMismatch +[9-alpn-selected-sni-server-does-not-support-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in index 2a7b1f97c2..c637b3a11c 100644 --- a/test/ssl-tests/09-alpn.conf.in +++ b/test/ssl-tests/09-alpn.conf.in @@ -18,117 +18,180 @@ package ssltests; our @tests = ( { name => "alpn-simple", - server => { }, - client => { }, + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, test => { - "ClientALPNProtocols" => "foo", - "ServerALPNProtocols" => "foo", "ExpectedALPNProtocol" => "foo", }, }, { - name => "alpn-client-finds-match", - server => { }, - client => { }, + name => "alpn-server-finds-match", + server => { + extra => { + "ALPNProtocols" => "baz,bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, test => { - "ClientALPNProtocols" => "foo,bar", - "ServerALPNProtocols" => "baz,bar", "ExpectedALPNProtocol" => "bar", }, }, { - name => "alpn-client-honours-server-pref", - server => { }, - client => { }, + name => "alpn-server-honours-server-pref", + server => { + extra => { + "ALPNProtocols" => "bar,foo", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, test => { - "ClientALPNProtocols" => "foo,bar", - "ServerALPNProtocols" => "bar,foo", "ExpectedALPNProtocol" => "bar", }, }, { name => "alpn-alert-on-mismatch", - server => { }, - client => { }, + server => { + extra => { + "ALPNProtocols" => "baz", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + }, + }, test => { - "ClientALPNProtocols" => "foo,bar", - "ServerALPNProtocols" => "baz", "ExpectedResult" => "ServerFail", - "ServerAlert" => "NoApplicationProtocol", + "ExpectedServerAlert" => "NoApplicationProtocol", }, }, { name => "alpn-no-server-support", server => { }, - client => { }, + client => { + extra => { + "ALPNProtocols" => "foo", + }, + }, test => { - "ClientALPNProtocols" => "foo", "ExpectedALPNProtocol" => undef, }, }, { name => "alpn-no-client-support", - server => { }, + server => { + extra => { + "ALPNProtocols" => "foo", + }, + }, client => { }, test => { - "ServerALPNProtocols" => "foo", "ExpectedALPNProtocol" => undef, }, }, { name => "alpn-with-sni-no-context-switch", - server => { }, - server2 => { }, - client => { }, + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server1", + }, + }, test => { - "ClientALPNProtocols" => "foo,bar", - "ServerALPNProtocols" => "foo", - "Server2ALPNProtocols" => "bar", - "ServerName" => "server1", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server1", "ExpectedALPNProtocol" => "foo", }, }, { name => "alpn-with-sni-context-switch", - server => { }, - server2 => { }, - client => { }, + server => { + extra => { + "ALPNProtocols" => "foo", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, test => { - "ClientALPNProtocols" => "foo,bar", - "ServerALPNProtocols" => "foo", - "Server2ALPNProtocols" => "bar", - "ServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server2", "ExpectedALPNProtocol" => "bar", }, }, { name => "alpn-selected-sni-server-supports-alpn", - server => { }, - server2 => { }, - client => { }, + server => { + extra => { + "ServerNameCallback" => "IgnoreMismatch", + }, + }, + server2 => { + extra => { + "ALPNProtocols" => "bar", + }, + }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, test => { - "ClientALPNProtocols" => "foo,bar", - "Server2ALPNProtocols" => "bar", - "ServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server2", "ExpectedALPNProtocol" => "bar", }, }, { name => "alpn-selected-sni-server-does-not-support-alpn", - server => { }, + server => { + extra => { + "ALPNProtocols" => "bar", + "ServerNameCallback" => "IgnoreMismatch", + }, + }, server2 => { }, - client => { }, + client => { + extra => { + "ALPNProtocols" => "foo,bar", + "ServerName" => "server2", + }, + }, test => { - "ClientALPNProtocols" => "foo,bar", - "ServerALPNProtocols" => "foo", - "ServerName" => "server2", - "ServerNameCallback" => "IgnoreMismatch", "ExpectedServerName" => "server2", "ExpectedALPNProtocol" => undef, }, diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf index 2410cd0924..b2deee4209 100644 --- a/test/ssl-tests/10-resumption.conf +++ b/test/ssl-tests/10-resumption.conf @@ -69,8 +69,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = Yes @@ -105,8 +105,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = Yes @@ -141,8 +141,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -177,8 +177,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -213,8 +213,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -249,8 +249,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -285,8 +285,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -321,8 +321,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -357,8 +357,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = Yes @@ -393,8 +393,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = Yes @@ -429,8 +429,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -465,8 +465,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -501,8 +501,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -537,8 +537,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -573,8 +573,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -609,8 +609,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -645,8 +645,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = Yes @@ -681,8 +681,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = Yes @@ -717,8 +717,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = Yes @@ -753,8 +753,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = Yes @@ -789,8 +789,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -825,8 +825,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -861,8 +861,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -897,8 +897,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -933,8 +933,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-24] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -969,8 +969,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -1005,8 +1005,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = Yes @@ -1041,8 +1041,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = Yes @@ -1077,8 +1077,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-28] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -1113,8 +1113,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-29] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = No @@ -1149,8 +1149,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -1185,8 +1185,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] +ExpectedProtocol = TLSv1 HandshakeMode = Resume -Protocol = TLSv1 ResumptionExpected = No @@ -1221,8 +1221,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -1257,8 +1257,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -Protocol = TLSv1.1 ResumptionExpected = No @@ -1293,8 +1293,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = Yes @@ -1329,8 +1329,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -Protocol = TLSv1.2 ResumptionExpected = Yes diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf index 0822f1e467..ceed959744 100644 --- a/test/ssl-tests/11-dtls_resumption.conf +++ b/test/ssl-tests/11-dtls_resumption.conf @@ -49,9 +49,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = Yes @@ -86,9 +86,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = Yes @@ -123,9 +123,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = No @@ -160,9 +160,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = No @@ -197,9 +197,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = No @@ -234,9 +234,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = No @@ -271,9 +271,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = Yes @@ -308,9 +308,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = Yes @@ -345,9 +345,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = Yes @@ -382,9 +382,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = Yes @@ -419,9 +419,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = No @@ -456,9 +456,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = No @@ -493,9 +493,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = No @@ -530,9 +530,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] +ExpectedProtocol = DTLSv1 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1 ResumptionExpected = No @@ -567,9 +567,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = Yes @@ -604,9 +604,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] +ExpectedProtocol = DTLSv1.2 HandshakeMode = Resume Method = DTLS -Protocol = DTLSv1.2 ResumptionExpected = Yes diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index 059b1d059e..c711362949 100644 --- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -117,7 +117,7 @@ sub generate_version_tests { }, "test" => { "ExpectedResult" => $result, - "Protocol" => $protocol, + "ExpectedProtocol" => $protocol, "Method" => $method, } }; @@ -172,7 +172,7 @@ sub generate_resumption_tests { "MaxProtocol" => $protocols[$resume_protocol], }, "test" => { - "Protocol" => $protocols[$resume_protocol], + "ExpectedProtocol" => $protocols[$resume_protocol], "Method" => $method, "HandshakeMode" => "Resume", "ResumptionExpected" => $resumption_expected, @@ -192,7 +192,7 @@ sub generate_resumption_tests { "MaxProtocol" => $protocols[$resume_protocol], }, "test" => { - "Protocol" => $protocols[$resume_protocol], + "ExpectedProtocol" => $protocols[$resume_protocol], "Method" => $method, "HandshakeMode" => "Resume", "ResumptionExpected" => $resumption_expected, diff --git a/test/ssl_test.c b/test/ssl_test.c index 48846ae32e..e4951f4fec 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -79,23 +79,23 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) } /* Tolerate an alert if one wasn't explicitly specified in the test. */ - if (test_ctx->client_alert + if (test_ctx->expected_client_alert /* * The info callback alert value is computed as * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1] * where the low byte is the alert code and the high byte is other stuff. */ - && (result->client_alert_sent & 0xff) != test_ctx->client_alert) { + && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) { fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n", - print_alert(test_ctx->client_alert), + print_alert(test_ctx->expected_client_alert), print_alert(result->client_alert_sent)); return 0; } - if (test_ctx->server_alert - && (result->server_alert_sent & 0xff) != test_ctx->server_alert) { + if (test_ctx->expected_server_alert + && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) { fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n", - print_alert(test_ctx->server_alert), + print_alert(test_ctx->expected_server_alert), print_alert(result->server_alert_sent)); return 0; } @@ -112,10 +112,10 @@ static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) return 0; } - if (test_ctx->protocol) { - if (result->client_protocol != test_ctx->protocol) { + if (test_ctx->expected_protocol) { + if (result->client_protocol != test_ctx->expected_protocol) { fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n", - ssl_protocol_name(test_ctx->protocol), + ssl_protocol_name(test_ctx->expected_protocol), ssl_protocol_name(result->client_protocol)); return 0; } @@ -138,9 +138,6 @@ static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx { if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE) return 1; - if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN && - result->session_ticket == SSL_TEST_SESSION_TICKET_NO) - return 1; if (result->session_ticket != test_ctx->session_ticket_expected) { fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.", ssl_session_ticket_name(test_ctx->session_ticket_expected), @@ -230,7 +227,8 @@ static int execute_test(SSL_TEST_FIXTURE fixture) #ifndef OPENSSL_NO_DTLS if (test_ctx->method == SSL_TEST_METHOD_DTLS) { server_ctx = SSL_CTX_new(DTLS_server_method()); - if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { + if (test_ctx->extra.server.servername_callback != + SSL_TEST_SERVERNAME_CB_NONE) { server2_ctx = SSL_CTX_new(DTLS_server_method()); OPENSSL_assert(server2_ctx != NULL); } @@ -245,7 +243,9 @@ static int execute_test(SSL_TEST_FIXTURE fixture) #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { server_ctx = SSL_CTX_new(TLS_server_method()); - if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { + /* SNI on resumption isn't supported/tested yet. */ + if (test_ctx->extra.server.servername_callback != + SSL_TEST_SERVERNAME_CB_NONE) { server2_ctx = SSL_CTX_new(TLS_server_method()); OPENSSL_assert(server2_ctx != NULL); } diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl index c9cc8de62b..cc3d99f94c 100644 --- a/test/ssl_test.tmpl +++ b/test/ssl_test.tmpl @@ -26,17 +26,21 @@ client = {-$testname-}-client{- [{-$testname-}-server] {- foreach my $key (sort keys %server) { + # Emitted in the test section. + next if ($key eq "extra"); $OUT .= qq{$key} . " = " . qq{$server{$key}\n} if defined $server{$key}; } if (%server2) { $OUT .= "\n[$testname-server2]\n"; foreach my $key (sort keys %server2) { + next if ($key eq "extra"); $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key}; } } if (%resume_server) { $OUT .= "\n[$testname-resume-server]\n"; foreach my $key (sort keys %resume_server) { + next if ($key eq "extra"); $OUT .= qq{$key} . " = " . qq{$resume_server{$key}\n} if defined $resume_server{$key}; } } @@ -44,11 +48,13 @@ client = {-$testname-}-client{- [{-$testname-}-client] {- foreach my $key (sort keys %client) { + next if ($key eq "extra"); $OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key}; } if (%resume_client) { $OUT .= "\n[$testname-resume-client]\n"; foreach my $key (sort keys %resume_client) { + next if ($key eq "extra"); $OUT .= qq{$key} . " = " . qq{$resume_client{$key}\n} if defined $resume_client{$key}; } } @@ -58,4 +64,63 @@ client = {-$testname-}-client{- foreach my $key (sort keys %test) { $OUT .= qq{$key} ." = " . qq{$test{$key}\n} if defined $test{$key}; } + + # The extra server/client configuration sections. + if ($server{"extra"}) { + $OUT .= "server = $testname-server-extra\n"; + } + if (%server2 && $server2{"extra"}) { + $OUT .= "server2 = $testname-server2-extra\n"; + } elsif ($reuse_server2 && $server{"extra"}) { + $OUT .= "server2 = $testname-server-extra\n"; + } + if (%resume_server && $resume_server{"extra"}) { + $OUT .= "resume-server = $testname-resume-server-extra\n"; + } elsif ($reuse_resume_server && $server{"extra"}) { + $OUT .= "resume-server = $testname-server-extra\n"; + } + if ($client{"extra"}) { + $OUT .= "client = $testname-client-extra\n"; + } + if (%resume_client && $resume_client{"extra"}) { + $OUT .= "resume-client = $testname-resume-client-extra\n"; + } elsif ($reuse_resume_client && $client{"extra"}) { + $OUT .= "client = $testname-client-extra\n"; + } + + if ($server{"extra"}) { + $OUT .= "\n[$testname-server-extra]\n"; + foreach my $key (sort keys $server{"extra"}) { + $OUT .= qq{$key} . " = " . qq{$server{"extra"}{$key}\n} + if defined $server{"extra"}{$key}; + } + } + if (%server2 && $server2{"extra"}) { + $OUT .= "\n[$testname-server2-extra]\n"; + foreach my $key (sort keys $server2{"extra"}) { + $OUT .= qq{$key} . " = " . qq{$server2{"extra"}{$key}\n} + if defined $server2{"extra"}{$key}; + } + } + if (%resume_server && $resume_server{"extra"}) { + $OUT .= "\n[$testname-resume-server-extra]\n"; + foreach my $key (sort keys $resume_server{"extra"}) { + $OUT .= qq{$key} . " = " . qq{$resume_server{"extra"}{$key}\n} + if defined $resume_server{"extra"}{$key}; + } + } + if ($client{"extra"}) { + $OUT .= "\n[$testname-client-extra]\n"; + foreach my $key (sort keys $client{"extra"}) { + $OUT .= qq{$key} . " = " . qq{$client{"extra"}{$key}\n} + if defined $client{"extra"}{$key}; + } + } + if (%resume_client && $resume_client{"extra"}) { + $OUT .= "\n[$testname-resume-client-extra]\n"; + foreach my $key (sort keys $resume_client{"extra"}) { + $OUT .= qq{$key} . " = " . qq{$resume_client{"extra"}{$key}\n} + if defined $resume_client{"extra"}{$key}; + } + } -} diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 4d2bdba470..d4a7c8ba59 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -75,9 +75,9 @@ const char *ssl_test_result_name(ssl_test_result_t result) return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result); } -/******************************/ -/* ClientAlert / ServerAlert. */ -/******************************/ +/**********************************************/ +/* ExpectedClientAlert / ExpectedServerAlert. */ +/**********************************************/ static const test_enum ssl_alerts[] = { {"UnknownCA", SSL_AD_UNKNOWN_CA}, @@ -94,12 +94,12 @@ __owur static int parse_alert(int *alert, const char *value) __owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value) { - return parse_alert(&test_ctx->client_alert, value); + return parse_alert(&test_ctx->expected_client_alert, value); } __owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value) { - return parse_alert(&test_ctx->server_alert, value); + return parse_alert(&test_ctx->expected_server_alert, value); } const char *ssl_alert_name(int alert) @@ -107,9 +107,9 @@ const char *ssl_alert_name(int alert) return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert); } -/************/ -/* Protocol */ -/************/ +/********************/ +/* ExpectedProtocol */ +/********************/ static const test_enum ssl_protocols[] = { {"TLSv1.2", TLS1_2_VERSION}, @@ -123,7 +123,7 @@ static const test_enum ssl_protocols[] = { __owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value) { return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols), - &test_ctx->protocol, value); + &test_ctx->expected_protocol, value); } const char *ssl_protocol_name(int protocol) @@ -132,7 +132,7 @@ const char *ssl_protocol_name(int protocol) } /***********************/ -/* CertVerifyCallback. */ +/* VerifyCallback. */ /***********************/ static const test_enum ssl_verify_callbacks[] = { @@ -141,7 +141,7 @@ static const test_enum ssl_verify_callbacks[] = { {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL}, }; -__owur static int parse_client_verify_callback(SSL_TEST_CTX *test_ctx, +__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf, const char *value) { int ret_value; @@ -149,7 +149,7 @@ __owur static int parse_client_verify_callback(SSL_TEST_CTX *test_ctx, &ret_value, value)) { return 0; } - test_ctx->client_verify_callback = ret_value; + client_conf->verify_callback = ret_value; return 1; } @@ -170,7 +170,7 @@ static const test_enum ssl_servername[] = { {"invalid", SSL_TEST_SERVERNAME_INVALID}, }; -__owur static int parse_servername(SSL_TEST_CTX *test_ctx, +__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf, const char *value) { int ret_value; @@ -178,7 +178,7 @@ __owur static int parse_servername(SSL_TEST_CTX *test_ctx, &ret_value, value)) { return 0; } - test_ctx->servername = ret_value; + client_conf->servername = ret_value; return 1; } @@ -200,9 +200,9 @@ const char *ssl_servername_name(ssl_servername_t server) server); } -/***********************/ -/* ServerNameCallback. */ -/***********************/ +/**********************/ +/* ServerNameCallback */ +/**********************/ static const test_enum ssl_servername_callbacks[] = { {"None", SSL_TEST_SERVERNAME_CB_NONE}, @@ -210,15 +210,15 @@ static const test_enum ssl_servername_callbacks[] = { {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH}, }; -__owur static int parse_servername_callback(SSL_TEST_CTX *test_ctx, - const char *value) +__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf, + const char *value) { int ret_value; if (!parse_enum(ssl_servername_callbacks, OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) { return 0; } - test_ctx->servername_callback = ret_value; + server_conf->servername_callback = ret_value; return 1; } @@ -236,7 +236,6 @@ static const test_enum ssl_session_ticket[] = { {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE}, {"Yes", SSL_TEST_SESSION_TICKET_YES}, {"No", SSL_TEST_SESSION_TICKET_NO}, - {"Broken", SSL_TEST_SESSION_TICKET_BROKEN}, }; __owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value) @@ -258,7 +257,7 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server) } /***********************/ -/* Method. */ +/* Method */ /***********************/ static const test_enum ssl_test_methods[] = { @@ -282,12 +281,12 @@ const char *ssl_test_method_name(ssl_test_method_t method) return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method); } -#define IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(field) \ - static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \ +#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ { \ - OPENSSL_free(test_ctx->field); \ - test_ctx->field = OPENSSL_strdup(value); \ - OPENSSL_assert(test_ctx->field != NULL); \ + OPENSSL_free(ctx->field); \ + ctx->field = OPENSSL_strdup(value); \ + OPENSSL_assert(ctx->field != NULL); \ return 1; \ } @@ -295,14 +294,12 @@ const char *ssl_test_method_name(ssl_test_method_t method) /* NPN and ALPN options */ /************************************/ -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols) -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols) -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols) -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_npn_protocol) -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_alpn_protocols) -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols) -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols) -IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol) /***********************/ /* Handshake mode */ @@ -344,18 +341,20 @@ static int parse_boolean(const char *value, int *result) return 0; } -#define IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(field) \ - static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \ +#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ { \ - return parse_boolean(value, &test_ctx->field); \ + return parse_boolean(value, &ctx->field); \ } -IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(resumption_expected) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) /*************************************************************/ /* Known test options and their corresponding parse methods. */ /*************************************************************/ +/* Top-level options. */ typedef struct { const char *name; int (*parse)(SSL_TEST_CTX *test_ctx, const char *value); @@ -363,25 +362,42 @@ typedef struct { static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedResult", &parse_expected_result }, - { "ClientAlert", &parse_client_alert }, - { "ServerAlert", &parse_server_alert }, - { "Protocol", &parse_protocol }, - { "ClientVerifyCallback", &parse_client_verify_callback }, - { "ServerName", &parse_servername }, + { "ExpectedClientAlert", &parse_client_alert }, + { "ExpectedServerAlert", &parse_server_alert }, + { "ExpectedProtocol", &parse_protocol }, { "ExpectedServerName", &parse_expected_servername }, - { "ServerNameCallback", &parse_servername_callback }, { "SessionTicketExpected", &parse_session_ticket }, { "Method", &parse_test_method }, - { "ClientNPNProtocols", &parse_client_npn_protocols }, - { "ServerNPNProtocols", &parse_server_npn_protocols }, - { "Server2NPNProtocols", &parse_server2_npn_protocols }, - { "ExpectedNPNProtocol", &parse_expected_npn_protocol }, - { "ClientALPNProtocols", &parse_client_alpn_protocols }, - { "ServerALPNProtocols", &parse_server_alpn_protocols }, - { "Server2ALPNProtocols", &parse_server2_alpn_protocols }, - { "ExpectedALPNProtocol", &parse_expected_alpn_protocol }, + { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol }, + { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol }, { "HandshakeMode", &parse_handshake_mode }, - { "ResumptionExpected", &parse_resumption_expected }, + { "ResumptionExpected", &parse_test_resumption_expected }, +}; + +/* Nested client options. */ +typedef struct { + const char *name; + int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value); +} ssl_test_client_option; + +static const ssl_test_client_option ssl_test_client_options[] = { + { "VerifyCallback", &parse_client_verify_callback }, + { "ServerName", &parse_servername }, + { "NPNProtocols", &parse_client_npn_protocols }, + { "ALPNProtocols", &parse_client_alpn_protocols }, +}; + +/* Nested server options. */ +typedef struct { + const char *name; + int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value); +} ssl_test_server_option; + +static const ssl_test_server_option ssl_test_server_options[] = { + { "ServerNameCallback", &parse_servername_callback }, + { "NPNProtocols", &parse_server_npn_protocols }, + { "ALPNProtocols", &parse_server_alpn_protocols }, + { "BrokenSessionTicket", &parse_server_broken_session_ticket }, }; /* @@ -396,44 +412,82 @@ SSL_TEST_CTX *SSL_TEST_CTX_new() return ret; } -void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) +static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) +{ + OPENSSL_free(conf->client.npn_protocols); + OPENSSL_free(conf->server.npn_protocols); + OPENSSL_free(conf->server2.npn_protocols); + OPENSSL_free(conf->client.alpn_protocols); + OPENSSL_free(conf->server.alpn_protocols); + OPENSSL_free(conf->server2.alpn_protocols); +} + +static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) { + ssl_test_extra_conf_free_data(&ctx->extra); + ssl_test_extra_conf_free_data(&ctx->resume_extra); +} -#ifndef OPENSSL_NO_NEXTPROTONEG - OPENSSL_free(ctx->client_npn_protocols); - OPENSSL_free(ctx->server_npn_protocols); - OPENSSL_free(ctx->server2_npn_protocols); - OPENSSL_free(ctx->client_alpn_protocols); - OPENSSL_free(ctx->server_alpn_protocols); - OPENSSL_free(ctx->server2_alpn_protocols); +void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) +{ + ssl_test_ctx_free_extra_data(ctx); OPENSSL_free(ctx->expected_npn_protocol); OPENSSL_free(ctx->expected_alpn_protocol); -#endif OPENSSL_free(ctx); } -SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) +static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, + const char *client_section) { STACK_OF(CONF_VALUE) *sk_conf; - SSL_TEST_CTX *ctx; int i; size_t j; - sk_conf = NCONF_get_section(conf, test_section); + sk_conf = NCONF_get_section(conf, client_section); OPENSSL_assert(sk_conf != NULL); - ctx = SSL_TEST_CTX_new(); - OPENSSL_assert(ctx != NULL); + for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { + int found = 0; + const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i); + for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) { + if (strcmp(option->name, ssl_test_client_options[j].name) == 0) { + if (!ssl_test_client_options[j].parse(client, option->value)) { + fprintf(stderr, "Bad value %s for option %s\n", + option->value, option->name); + return 0; + } + found = 1; + break; + } + } + if (!found) { + fprintf(stderr, "Unknown test option: %s\n", option->name); + return 0; + } + } + + return 1; +} + +static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, + const char *server_section) +{ + STACK_OF(CONF_VALUE) *sk_conf; + int i; + size_t j; + + sk_conf = NCONF_get_section(conf, server_section); + OPENSSL_assert(sk_conf != NULL); for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i); - for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) { - if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) { - if (!ssl_test_ctx_options[j].parse(ctx, option->value)) { + for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) { + if (strcmp(option->name, ssl_test_server_options[j].name) == 0) { + if (!ssl_test_server_options[j].parse(server, option->value)) { fprintf(stderr, "Bad value %s for option %s\n", option->value, option->name); - goto err; + return 0; } found = 1; break; @@ -441,7 +495,72 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) } if (!found) { fprintf(stderr, "Unknown test option: %s\n", option->name); - goto err; + return 0; + } + } + + return 1; +} + +SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) +{ + STACK_OF(CONF_VALUE) *sk_conf; + SSL_TEST_CTX *ctx; + int i; + size_t j; + + sk_conf = NCONF_get_section(conf, test_section); + OPENSSL_assert(sk_conf != NULL); + + ctx = SSL_TEST_CTX_new(); + OPENSSL_assert(ctx != NULL); + + for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { + int found = 0; + const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i); + + /* Subsections */ + if (strcmp(option->name, "client") == 0) { + if (!parse_client_options(&ctx->extra.client, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "server") == 0) { + if (!parse_server_options(&ctx->extra.server, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "server2") == 0) { + if (!parse_server_options(&ctx->extra.server2, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "resume-client") == 0) { + if (!parse_client_options(&ctx->resume_extra.client, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "resume-server") == 0) { + if (!parse_server_options(&ctx->resume_extra.server, conf, + option->value)) + goto err; + } else if (strcmp(option->name, "resume-server2") == 0) { + if (!parse_server_options(&ctx->resume_extra.server2, conf, + option->value)) + goto err; + + } else { + for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) { + if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) { + if (!ssl_test_ctx_options[j].parse(ctx, option->value)) { + fprintf(stderr, "Bad value %s for option %s\n", + option->value, option->name); + goto err; + } + found = 1; + break; + } + } + if (!found) { + fprintf(stderr, "Unknown test option: %s\n", option->name); + goto err; + } } } diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index 047ea8b9cd..a939f3d560 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -60,23 +60,67 @@ typedef enum { SSL_TEST_HANDSHAKE_RENEGOTIATE } ssl_handshake_mode_t; -typedef struct ssl_test_ctx { - /* Test expectations. */ +/* + * Server/client settings that aren't supported by the SSL CONF library, + * such as callbacks. + */ +typedef struct { + /* One of a number of predefined custom callbacks. */ + ssl_verify_callback_t verify_callback; + /* One of a number of predefined server names use by the client */ + ssl_servername_t servername; + /* Supported NPN and ALPN protocols. A comma-separated list. */ + char *npn_protocols; + char *alpn_protocols; +} SSL_TEST_CLIENT_CONF; + +typedef struct { + /* SNI callback (server-side). */ + ssl_servername_callback_t servername_callback; + /* Supported NPN and ALPN protocols. A comma-separated list. */ + char *npn_protocols; + char *alpn_protocols; + /* Whether to set a broken session ticket callback. */ + int broken_session_ticket; +} SSL_TEST_SERVER_CONF; + +typedef struct { + SSL_TEST_CLIENT_CONF client; + SSL_TEST_SERVER_CONF server; + SSL_TEST_SERVER_CONF server2; +} SSL_TEST_EXTRA_CONF; + +typedef struct { + /* + * Global test configuration. Does not change between handshakes. + */ + /* Whether the server/client CTX should use DTLS or TLS. */ + ssl_test_method_t method; + /* Whether to test a resumed/renegotiated handshake. */ + ssl_handshake_mode_t handshake_mode; + + /* + * Extra server/client configurations. Per-handshake. + */ + /* First handshake. */ + SSL_TEST_EXTRA_CONF extra; + /* Resumed handshake. */ + SSL_TEST_EXTRA_CONF resume_extra; + + /* + * Test expectations. These apply to the LAST handshake. + */ /* Defaults to SUCCESS. */ ssl_test_result_t expected_result; /* Alerts. 0 if no expectation. */ /* See ssl.h for alert codes. */ /* Alert sent by the client / received by the server. */ - int client_alert; + int expected_client_alert; /* Alert sent by the server / received by the client. */ - int server_alert; + int expected_server_alert; /* Negotiated protocol version. 0 if no expectation. */ /* See ssl.h for protocol versions. */ - int protocol; - /* One of a number of predefined custom callbacks. */ - ssl_verify_callback_t client_verify_callback; - /* One of a number of predefined server names use by the client */ - ssl_servername_t servername; + int expected_protocol; /* * The expected SNI context to use. * We test server-side that the server switched to the expected context. @@ -88,26 +132,10 @@ typedef struct ssl_test_ctx { * client-side via the API that this was the case. */ ssl_servername_t expected_servername; - ssl_servername_callback_t servername_callback; ssl_session_ticket_t session_ticket_expected; - /* Whether the server/client CTX should use DTLS or TLS. */ - ssl_test_method_t method; - - /* - * NPN and ALPN protocols supported by the client, server, and second - * (SNI) server. A comma-separated list. - */ - char *client_npn_protocols; - char *server_npn_protocols; - char *server2_npn_protocols; + /* The expected NPN/ALPN protocol to negotiate. */ char *expected_npn_protocol; - char *client_alpn_protocols; - char *server_alpn_protocols; - char *server2_alpn_protocols; char *expected_alpn_protocol; - - /* Whether to test a resumed/renegotiated handshake. */ - ssl_handshake_mode_t handshake_mode; /* Whether the second handshake is resumed or a full handshake (boolean). */ int resumption_expected; } SSL_TEST_CTX; @@ -125,7 +153,7 @@ const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode); /* * Load the test case context from |conf|. - * See test/README.ssl_test for details on the conf file format. + * See test/README.ssltest.md for details on the conf file format. */ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section); diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c index 52691f094a..a779ed16d4 100644 --- a/test/ssl_test_ctx_test.c +++ b/test/ssl_test_ctx_test.c @@ -32,43 +32,109 @@ typedef struct ssl_test_ctx_test_fixture { SSL_TEST_CTX *expected_ctx; } SSL_TEST_CTX_TEST_FIXTURE; + +static int SSL_TEST_CLIENT_CONF_equal(SSL_TEST_CLIENT_CONF *client, + SSL_TEST_CLIENT_CONF *client2) +{ + if (client->verify_callback != client2->verify_callback) { + fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n", + ssl_verify_callback_name(client->verify_callback), + ssl_verify_callback_name(client2->verify_callback)); + return 0; + } + if (client->servername != client2->servername) { + fprintf(stderr, "ServerName mismatch: %s vs %s.\n", + ssl_servername_name(client->servername), + ssl_servername_name(client2->servername)); + return 0; + } + if (!strings_equal("Client NPNProtocols", client->npn_protocols, + client2->npn_protocols)) + return 0; + if (!strings_equal("Client ALPNProtocols", client->alpn_protocols, + client2->alpn_protocols)) + return 0; + return 1; +} + +static int SSL_TEST_SERVER_CONF_equal(SSL_TEST_SERVER_CONF *server, + SSL_TEST_SERVER_CONF *server2) +{ + if (server->servername_callback != server2->servername_callback) { + fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n", + ssl_servername_callback_name(server->servername_callback), + ssl_servername_callback_name(server2->servername_callback)); + return 0; + } + if (!strings_equal("Server NPNProtocols", server->npn_protocols, + server2->npn_protocols)) + return 0; + if (!strings_equal("Server ALPNProtocols", server->alpn_protocols, + server2->alpn_protocols)) + return 0; + if (server->broken_session_ticket != server2->broken_session_ticket) { + fprintf(stderr, "Broken session ticket mismatch: %d vs %d.\n", + server->broken_session_ticket, server2->broken_session_ticket); + return 0; + } + return 1; +} + +static int SSL_TEST_EXTRA_CONF_equal(SSL_TEST_EXTRA_CONF *extra, + SSL_TEST_EXTRA_CONF *extra2) +{ + return SSL_TEST_CLIENT_CONF_equal(&extra->client, &extra2->client) + && SSL_TEST_SERVER_CONF_equal(&extra->server, &extra2->server) + && SSL_TEST_SERVER_CONF_equal(&extra->server2, &extra2->server2); +} + /* Returns 1 if the contexts are equal, 0 otherwise. */ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) { + if (ctx->method != ctx2->method) { + fprintf(stderr, "Method mismatch: %s vs %s.\n", + ssl_test_method_name(ctx->method), + ssl_test_method_name(ctx2->method)); + return 0; + } + if (ctx->handshake_mode != ctx2->handshake_mode) { + fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n", + ssl_handshake_mode_name(ctx->handshake_mode), + ssl_handshake_mode_name(ctx2->handshake_mode)); + return 0; + } + + if (!SSL_TEST_EXTRA_CONF_equal(&ctx->extra, &ctx2->extra)) { + fprintf(stderr, "Extra conf mismatch.\n"); + return 0; + } + if (!SSL_TEST_EXTRA_CONF_equal(&ctx->resume_extra, &ctx2->resume_extra)) { + fprintf(stderr, "Resume extra conf mismatch.\n"); + return 0; + } + if (ctx->expected_result != ctx2->expected_result) { fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n", ssl_test_result_name(ctx->expected_result), ssl_test_result_name(ctx2->expected_result)); return 0; } - if (ctx->client_alert != ctx2->client_alert) { + if (ctx->expected_client_alert != ctx2->expected_client_alert) { fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n", - ssl_alert_name(ctx->client_alert), - ssl_alert_name(ctx2->client_alert)); + ssl_alert_name(ctx->expected_client_alert), + ssl_alert_name(ctx2->expected_client_alert)); return 0; } - if (ctx->server_alert != ctx2->server_alert) { + if (ctx->expected_server_alert != ctx2->expected_server_alert) { fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n", - ssl_alert_name(ctx->server_alert), - ssl_alert_name(ctx2->server_alert)); + ssl_alert_name(ctx->expected_server_alert), + ssl_alert_name(ctx2->expected_server_alert)); return 0; } - if (ctx->protocol != ctx2->protocol) { + if (ctx->expected_protocol != ctx2->expected_protocol) { fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n", - ssl_protocol_name(ctx->protocol), - ssl_protocol_name(ctx2->protocol)); - return 0; - } - if (ctx->client_verify_callback != ctx2->client_verify_callback) { - fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n", - ssl_verify_callback_name(ctx->client_verify_callback), - ssl_verify_callback_name(ctx2->client_verify_callback)); - return 0; - } - if (ctx->servername != ctx2->servername) { - fprintf(stderr, "ServerName mismatch: %s vs %s.\n", - ssl_servername_name(ctx->servername), - ssl_servername_name(ctx2->servername)); + ssl_protocol_name(ctx->expected_protocol), + ssl_protocol_name(ctx2->expected_protocol)); return 0; } if (ctx->expected_servername != ctx2->expected_servername) { @@ -77,57 +143,18 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) ssl_servername_name(ctx2->expected_servername)); return 0; } - if (ctx->servername_callback != ctx2->servername_callback) { - fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n", - ssl_servername_callback_name(ctx->servername_callback), - ssl_servername_callback_name(ctx2->servername_callback)); - return 0; - } if (ctx->session_ticket_expected != ctx2->session_ticket_expected) { fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n", ssl_session_ticket_name(ctx->session_ticket_expected), ssl_session_ticket_name(ctx2->session_ticket_expected)); return 0; } -#ifndef OPENSSL_NO_NEXTPROTONEG - if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols, - ctx2->client_npn_protocols)) - return 0; - if (ctx->method != ctx2->method) { - fprintf(stderr, "Method mismatch: %s vs %s.\n", - ssl_test_method_name(ctx->method), - ssl_test_method_name(ctx2->method)); - return 0; - } - if (!strings_equal("ServerNPNProtocols", ctx->server_npn_protocols, - ctx2->server_npn_protocols)) - return 0; - if (!strings_equal("Server2NPNProtocols", ctx->server_npn_protocols, - ctx2->server_npn_protocols)) - return 0; if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol, ctx2->expected_npn_protocol)) return 0; - if (!strings_equal("ClientALPNProtocols", ctx->client_alpn_protocols, - ctx2->client_alpn_protocols)) - return 0; - - if (!strings_equal("ServerALPNProtocols", ctx->server_alpn_protocols, - ctx2->server_alpn_protocols)) - return 0; - if (!strings_equal("Server2ALPNProtocols", ctx->server_alpn_protocols, - ctx2->server_alpn_protocols)) - return 0; if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol, ctx2->expected_alpn_protocol)) return 0; -#endif - if (ctx->handshake_mode != ctx2->handshake_mode) { - fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n", - ssl_handshake_mode_name(ctx->handshake_mode), - ssl_handshake_mode_name(ctx2->handshake_mode)); - return 0; - } if (ctx->resumption_expected != ctx2->resumption_expected) { fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n", ctx->resumption_expected, ctx2->resumption_expected); @@ -205,25 +232,33 @@ static int test_good_configuration() { SETUP_SSL_TEST_CTX_TEST_FIXTURE(); fixture.test_section = "ssltest_good"; + fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS; + fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME; + fixture.expected_ctx->expected_result = SSL_TEST_SERVER_FAIL; - fixture.expected_ctx->client_alert = SSL_AD_UNKNOWN_CA; - fixture.expected_ctx->server_alert = 0; /* No alert. */ - fixture.expected_ctx->protocol = TLS1_1_VERSION; - fixture.expected_ctx->client_verify_callback = SSL_TEST_VERIFY_REJECT_ALL; - fixture.expected_ctx->servername = SSL_TEST_SERVERNAME_SERVER2; + fixture.expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA; + fixture.expected_ctx->expected_server_alert = 0; /* No alert. */ + fixture.expected_ctx->expected_protocol = TLS1_1_VERSION; fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2; - fixture.expected_ctx->servername_callback = - SSL_TEST_SERVERNAME_IGNORE_MISMATCH; fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES; - fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS; -#ifndef OPENSSL_NO_NEXTPROTONEG - fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar"); - fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz"); - OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL); - OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL); -#endif - fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME; fixture.expected_ctx->resumption_expected = 1; + + fixture.expected_ctx->extra.client.verify_callback = + SSL_TEST_VERIFY_REJECT_ALL; + fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2; + fixture.expected_ctx->extra.client.npn_protocols = + OPENSSL_strdup("foo,bar"); + OPENSSL_assert(fixture.expected_ctx->extra.client.npn_protocols != NULL); + + fixture.expected_ctx->extra.server.servername_callback = + SSL_TEST_SERVERNAME_IGNORE_MISMATCH; + fixture.expected_ctx->extra.server.broken_session_ticket = 1; + + fixture.expected_ctx->resume_extra.server2.alpn_protocols = + OPENSSL_strdup("baz"); + OPENSSL_assert( + fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL); + EXECUTE_SSL_TEST_CTX_TEST(); } diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.conf index eacf58a9ed..73878a17ff 100644 --- a/test/ssl_test_ctx_test.conf +++ b/test/ssl_test_ctx_test.conf @@ -1,19 +1,31 @@ [ssltest_default] [ssltest_good] +client = ssltest_good_client_extra +server = ssltest_good_server_extra +resume-server2 = ssltest_good_resume_server2_extra + +Method = DTLS +HandshakeMode = Resume + ExpectedResult = ServerFail -ClientAlert = UnknownCA -Protocol = TLSv1.1 -ClientVerifyCallback = RejectAll -ServerName = server2 +ExpectedClientAlert = UnknownCA +ExpectedProtocol = TLSv1.1 ExpectedServerName = server2 -ServerNameCallback = IgnoreMismatch SessionTicketExpected = Yes -Method = DTLS -ClientNPNProtocols = foo,bar -Server2ALPNProtocols = baz -HandshakeMode = Resume -ResumptionExpected = yes +ResumptionExpected = Yes + +[ssltest_good_client_extra] +VerifyCallback = RejectAll +ServerName = server2 +NPNProtocols = foo,bar + +[ssltest_good_server_extra] +ServerNameCallback = IgnoreMismatch +BrokenSessionTicket = Yes + +[ssltest_good_resume_server2_extra] +ALPNProtocols = baz [ssltest_unknown_option] UnknownOption = Foo |